back to article Android devs prepare to hit pause on ads amid Google GDPR chaos

Android developers are reluctantly considering putting Google ads on ice because of uncertainty over whether they'll be GDPR-compliant, cutting off what in many cases is their sole revenue source. With 10 days to go before GDPR, developers told us they are still waiting for an SDK that Google promised them, one they can't …

  1. Aitor 1

    Consent

    I have read both guidelines and law (had to)

    You cannot require consent unless you need it for the service, as in "actually needing it", not "this is needed for me to get money/call an API that needs it to monetize".

    So yeah, I fully agree with the article.

    1. Loyal Commenter Silver badge

      Re: Consent

      So - no consent, no personalised ads?

      Surely it should just fall back to unpersonalised ads then? Assuming consent is a big no-no in the brave new world of GDPR.

      1. Anonymous Coward
        Anonymous Coward

        Re: Consent

        "So - no consent, no personalised ads?"

        Yes please. In my experience, I'm more likely to get relevant ads if they aren't personalised...

      2. Hans Neeson-Bumpsadese Silver badge

        Re: Consent

        So - no consent, no personalised ads?

        Surely it should just fall back to unpersonalised ads then? Assuming consent is a big no-no in the brave new world of GDPR.

        That's what I thought as well. However, it might be possible that advertisers (who pay per ad impression displayed) might not be wanting to have ads displayed in an untargeted fashion. Knowing that they have been charged $<x> for an advert to be shown to someone who fits their target demographic is one thing, but running the risk of spending their advertising budget on ads that are shown to random individuals with no interest in the product or service? They might not want to pay for advertising in the latter case

        1. Kevin Johnston

          Re: Consent

          As mentioned in the previous comments, personalised Ads tend to be for products/services already purchased so they would be late to the party and getting no money anyway. Again as mentioned above, non-personalised is far more likely to include things you may be looking to buy in the near future

          So on balance, the less personalised they are the more likely they are to be successful. Hang on, that can't be right as it is the opposite of how Google are selling their services....I'm so confused

          1. John Lilburne

            Re: Consent

            "Hang on, that can't be right as it is the opposite of how Google are selling their services....I'm so confused"

            Just because that can do X doesn't mean that X is effective. It used to be that tobacco companies advertised their products as good for your throat etc, one wonders why it is that tech companies don't have to prove their claims?

            https://www.vice.com/en_uk/article/kzpajy/12-slightly-unbelievable-adverts-for-booze-and-cigarettes

        2. Voland's right hand Silver badge

          Re: Consent

          might not be wanting to have ads displayed in an untargeted fashion.

          It is targeted. By context. The best targeting there is and the best targeting there can be.

          The scumbags should get on with the program and comply with legal reqs.

          Google will need to do more work though. The apps should now start supplying as much context as it can extract from a webpage. If it was Google from 15 years ago this would not be an issue. Google in 2018 - it quite likely will be. It has acquired some of the worst large company characteristics.

          1. Lee D Silver badge

            Re: Consent

            The chances of someone clicking on a waffle iron advert when playing a strategy game are slim.

            However, there's a good chance they may be interested in a rival game, for instance.

            Almost all "personalised ad" stuff is absolute nonsense.

            I only ever get ads about things totally unrelated to the pages I'm reading when they are "personalised". The best one was trying to advertise spandex leotards to me, on a Linux news site. I still can't fathom how they picked up those keywords, nor what kind of masochist WANTS to imagine their target audience of Linux nerds like that.

            1. Anonymous Custard
              Trollface

              Re: Consent

              So does this mean I might get ads for what I might actually want, rather than ads for stuff I just bought off the internet?

              Wonders will never cease, what will they think of next...?

              Perhaps adverts that don't play stupid inane tunes at full volume (especially the ones without a mute button) when the app you were using that spawned them was on silent/mute?

            2. James 47

              Re: Consent

              > However, there's a good chance they may be interested in a rival game, for instance.

              Games publishers readily block ads from competitors, for obvious reasons.

            3. Mage Silver badge
              Devil

              Re: "personalised ad" stuff is absolute nonsense.

              The solution for Google & Facebook etc is simple. Stop peddling the fake snake oil of Targeted and Personalised. Stop gathering personal and other information.

              Just do adverts like TV, radio, magazines, newspapers, buses and billboards do. Stop the click fraud and lies about impressions, have 3rd audits.

              Stop with the too invasive analytics, just count unique IP addresses per running hour and don't keep them.

              Web Advertising has become an evil, dishonest, exploitive, immoral, law breaking, parasitical monster.

              1. ridley

                Re: "personalised ad" stuff is absolute nonsense.

                TV,radio, magazines, newspapers all offer targeted ads by demographic. Billboards and buses do to, though onlying by location.

              2. David 164

                Re: "personalised ad" stuff is absolute nonsense.

                How are auditors suppose to audit if google don't keep IP addresses?

              3. bombastic bob Silver badge
                FAIL

                Re: "personalised ad" stuff is absolute nonsense.

                ads within applications [and operating systems - Microshaft] is JUST! PLAIN! WRONG!

                [I will not download nor use 'adware']

                I can tolerate web site ads when a) they're part of my shopping [like amazon, target, etc.] or b) they're not IN MY FACE so I can ignore them if I want [like ads have been in newspapers forever].

                Beyond that is irritating, and you don't want to irritate your potential customers.

            4. Wensleydale Cheese
              Happy

              Re: Consent

              "The best one was trying to advertise spandex leotards to me, on a Linux news site."

              There was an instance of a support site for LaTeX suddenly attracting a lot of hits from folks searching for pron.

          2. Wensleydale Cheese

            Re: Consent

            "It is targeted. By context. The best targeting there is and the best targeting there can be."

            In a sense it's like going back to magazine / TV / radio ads.

            You put the ads for gardening equipment in the gardening sections.

        3. JohnFen

          Re: Consent

          "They might not want to pay for advertising in the latter case"

          Good.

        4. really_adf

          Re: Consent

          ... running the risk of spending their advertising budget on ads that are shown to random individuals with no interest in the product or service? They might not want to pay for advertising in the latter case

          As per a quote I heard: "Half the money spent on advertising is wasted; the problem is working out which half."

          1. Anonymous Coward
            Anonymous Coward

            Re: Consent

            "As per a quote I heard: "Half the money spent on advertising is wasted; the problem is working out which half.""

            Lord Lever. Obviously got it right as Unilever is still a big thing.

          2. Wensleydale Cheese
            Happy

            Re: Consent

            From Bruce Schneier's book "Data and Goliath"

            There’s a famous quote, most reliably traced to the retail magnate John Wanamaker: “I know half of my advertising is wasted. The trouble is, I don’t know which half.”

            1. DavCrav

              Re: Consent

              "Lord Lever. Obviously got it right as Unilever is still a big thing."

              "There’s a famous quote, most reliably traced to the retail magnate John Wanamaker: “I know half of my advertising is wasted. The trouble is, I don’t know which half.”"

              I was under the impression that this particular quotation has been attributed to many people, and was probably not said by any of them.

              1. Anonymous Coward
                Anonymous Coward

                Re: Consent

                "I was under the impression that this particular quotation has been attributed to many people, and was probably not said by any of them."

                I thought it was belived that only half the people who have this quote attributed to them actually said it - but no-one knows which half. Then again, as someone said "most quotes are made up"

              2. GIRZiM

                Re: Consent

                I was under the impression that this particular quotation has been attributed to many people, and was probably not said by any of them.

                It was Einstein, wasn't it?

  2. ken jay

    i have always blocked as many ads as possible, i am not responding to 99% of GDPR emails asking for me to consent.

    due to the amount of embedded types of malware in ads i will never consent to seeing them and usually i will research what i need myself and actively shun ads that force their way past my browser protections.

    yep devs get it into your heads some of us do not want any advertising on the internet thats targetted or untargetted.

    1. Gordon 10

      Are you one of the same people that refuses to pay for any content on the internet too?

      I'd love to live on your utopian internet but the fact is some services have no otherway to fund themselves.

      I dont particularly like it but we are stuck with it, unless you want hobbyist/free stuff and lots of paywalls.

      On balance I have come to the conclusion that a little light advertising is ok. I just avoid sites (ironically mostly owned by big media) where the scripts slow the site to a crawl. Yes I know about NoScript - but if they arent impacted by you not visiting then you are prolonging the problem.

      1. JohnFen

        "I dont particularly like it but we are stuck with it"

        I disagree. There's nothing about advertising that is mandatory. There are numerous other ways to monetize, if that's the goal.

        "I have come to the conclusion that a little light advertising is ok"

        I don't mind advertising as such (unless it is of the obnoxious sort -- video, sound, popups, etc.). I mind the tracking, and strongly feel that no ads should be running scripts of any sort (whether they're for tracking or not). Unfortunately, the ad industry has decided that those two things are inseparable.

      2. Charlie Clark Silver badge

        Are you one of the same people that refuses to pay for any content on the internet too?

        That's a bit of a strawman but it also beside the point: advertising is by definition wasteful. I have for years ignored all kinds of adverts especially for things like cars, which I've never owned. I'm not alone in this and this behaviour is factored into the model.

        The solution isn't better targeting, it's better ads and particularly ones that don't disturb the flow. The targetting is a red herring pushed by media companies hoping that advertisers won't demand lower rates once they realise things are just as inefficient as they always were. This is one of the reasons why Instagram is doing so much better than Facebook's own ad networs, because, given a choice most sellers would prefer to be able to talk directly to the customer.

        1. Wensleydale Cheese

          "I have for years ignored all kinds of adverts especially for things like cars, which I've never owned."

          In contrast, I enjoy a good car advert, if only for the artwork involved.

          Many of these are for stuff that's out of my price range or for vehicles I wouln't consider buying from a practical view, but I still enjoy them.

          In the old days of paper magazines, that was definitely a factor in buying the magazine itself.

        2. Anonymous Coward
          Anonymous Coward

          The solution isn't better targeting, it's better ads and particularly ones that don't disturb the flow.

          So for tv and film you are suggesting product placement. This goes on already. you may notice in some films everyone drives a GM. ford or Toyota for example. The problems is that its harder for advertising standards to police. How do you police a film where the hero only orders a Vodka, gin and vermouth cocktail, naming the ingredients by brand? surely that's associating alcohol with heroism with no "drink responsibly" subtitle to go with it. is it implied that he is a better shot if he uses a gun made by Carl Walther? Surely gun adverts are banned in the UK? maybe a Taylor in Saville Row will pay up for a scene where our protagonist goes to buy a new suit.

          adverts need to be clear that what you are watching is an advert.

          1. Charlie Clark Silver badge

            So for tv and film you are suggesting product placement.

            Not necessarily, it's just one of the different options. Internet ads fails because they try too hard to grab your attention.

          2. Aitor 1

            No way

            Product placement is horrible, as it destroys/damages the content.

            I still remember Samsung doing this on CSI. Focus on brand in whatever then pan to the action. It sucks.

            1. Nick Ryan Silver badge

              Re: No way

              Product placement is horrible, as it destroys/damages the content.

              One of the worst that I remember is the first bloody five minutes of I, Robot which seemed to exist solely as an advert for some shitty trainer (sport's shoe) company or other.

            2. Charlie Clark Silver badge

              Re: No way

              Product placement is horrible, as it destroys/damages the content.

              I suspect content matters a lot here. Generic fiction is likely to attract companies pushing their high-margin brand.

              But what do you think Top Gear is apart from product placement? Rinse and repeart for DIY shows. I know I'm susceptible to tips from people I consider to know what they're talking about or, influencers in despicable marketing speak.

      3. Anonymous Coward
        Anonymous Coward

        Are you one of the same people that refuses to pay for any content on the internet too?

        Yes. Absolutely. And I block ads. And if that means websites go down? Well I just don’t give a fuck.

      4. BlueTemplar

        We are stuck with [advertising], unless you want hobbyist/free stuff and lots of paywalls.

        No we are NOT stuck with it.

        Flattr makes micro-payments automatic, depending on what websites you visit :

        https://www.theregister.co.uk/2017/11/30/eyeo_adblock_interview/

        https://flattr.com/

    2. Brewster's Angle Grinder Silver badge

      First, we're talking about *apps* not browsers.

      Second, people might dislike adverts, but most people would rather put up with them than pay hard cash for apps. That's true of the wider internet, and historically has been true of ad-funded free-to-air TV and ad-funded free papers and magazines. It's not the producers who dictate this but the consumers. Without ads there's less content and the budgets of the content there is, will be smaller.

      Of course the joy of such as system is some of us can be free riders -- blocking and fast-forwarding through ads, while still getting the free content. So long may it reign. But I freely admit I'd part of the problem and try not to bitch too much.

      1. Hans Neeson-Bumpsadese Silver badge

        Second, people might dislike adverts, but most people would rather put up with them than pay hard cash for apps.

        Curiously, unlike apps, in the case of subscription TV services like Sky people seem quite happy to both pay a subscription AND watch adverts. Funny old world....

        1. JimmyPage Silver badge
          Stop

          re: people seem quite happy to both pay a subscription AND watch adverts

          and yet pirates not only get the content free, they get it *ad* free ?

          Surely some mistake ?

        2. Anonymous Coward
          Anonymous Coward

          They *seem* happy, until given the opportunity to buy broadband internet unbundled from cable TV. Then they gleefully dump cable for ad-free streaming services.

          Crowdfunding is also replacing advertising as a funding stream for upstart content producers, particularly 'demonetized' youtubers, as well as large open-source development/production tools, games, apps, etc. This model is excellent for anything with a committed audience, as opposed to clickbait.

          1. JimmyPage Silver badge
            Thumb Up

            Crowdfunding ... as a funding stream for upstart content producers

            Having flung a few quid at Richard Herring for his excellent "Leicester Square Theatre Podcast" (or, as the cool kids are calling it: "RHLSTP !") I'm quite happy with this arrangement. Generally an entertaining and occasionally thought provoking hour with a (generally) comedic celebrity, unencumbered with worries about taste and decency.

            There are also a few non-comedic gems ... Mary Beard, Ben Goldacre spring to mind. And it's thanks to RHLSTP that Mrs Page and I have been to see James Acaster, Josie Long, Robin Ince, Josh Widdicombe, Sarah Pascoe, Nish Kumar, Romesh Ranganathan, Mark Thomas, Bridget Christie ....

            And, famously, it was on a RHLSTP that Stephen Fry admitted to attempting suicide - so real scoop there.

            1. Hans Neeson-Bumpsadese Silver badge

              Re: RHLSTP

              Generally an entertaining and occasionally thought provoking hour with a (generally) comedic celebrity, unencumbered with worries about taste and decency.

              Indeed. I was listening to the Jess Phillips (MP) episode yesterday - entertaining, and very refreshing to hear an MP speaking as frankly as she did (even with the odd very unparliamentary F-bomb thrown in for good measure)

        3. Anonymous Coward
          Anonymous Coward

          ...AND THE BILL WOULD BE?

          in the case of subscription TV services like Sky people seem quite happy to both pay a subscription AND watch adverts.

          and how much do you think sky would charge for subscriptions if there was a option to skip adverts?

          I remember years and years ago, right at the time of the very first digital tv recorders from TVo appeared. They had come up with a feature where it would read the codes that are transmitted with the picture so that regional tv stations could take over for the adverts, so that you can hit a skip adverts button. I remember seeing a demonstration of it, but it never ever appeared in a commercial product. I have no doubt it is quite easy to implement in a digital TV recorder but pressure must have been applied somewhere to drop it.

          I get that adverts are a required evil to cover the costs of producing content, I prefer adverts to be targeted but not personalised. When I find a app useful if there is an option to buy the add free version, I will pay up.

          I do find it ironic that while watching youtube videos from the atheist video content providers that adverts pop up from some bible app.... I do make a point to click on and play the adverts just for devilment.

          1. Roj Blake Silver badge

            Re: ...AND THE BILL WOULD BE?

            They may have done away with the "skip adverts" button, but the fast forward is still there and works almost as well.

            I've not watched an advert on Virgin for years.

            1. Anonymous Coward
              Anonymous Coward

              Re: ...AND THE BILL WOULD BE?

              "but the fast forward is still there and works almost as well."

              but you still see the advert. maybe its not in its full entirety, but you still see a product thrust in front of you for 2 seconds instead of 30...

              and you are watching for the advert for whoever is sponsoring whatever program to take your finger off.... I dont think it will be too long until sky or virgin media get a brown envelope stuffed with cash to stop you fast forwarding adverts, or at least limiting it to x2

          2. Anonymous Coward
            Anonymous Coward

            RE:

            how much do you think sky would charge for subscriptions if there was a option to skip adverts?

            Dunno. How much is a NetFlix subscription ?

    3. Anonymous Coward
      Anonymous Coward

      yep devs get it into your heads some of us do not want any advertising on the internet thats targetted or untargetted.

      So, do you only use products/services that you have paid for? Or, if you are using free-to-download & use apps that are supported by advertising, do you offer the developers some other form of payment by way of compensation? Or do you just expect to get to use stuff for free without worrying one bit about how the developer who built it actually makes an income?

      Enquiring minds would like to know.

      1. JohnFen

        "do you only use products/services that you have paid for?"

        Yes, except for those products and services that are actually offered for free (if it involves advertising, then it's not free).

  3. ExampleOne

    Call me cynical but...

    Perhaps Google don't want to arrive at a clear and coherent position? As far as I can tell from reading everything, they are desperately trying to claim they are as out of scope as possible, and are setting themselves up for another lesson in basic regulation reading down the road.

    Let's remember, this is the company that tried to claim they weren't a data controller because all the data they collected and stored was in the public domain. The CJEU politely pointed out that the data protection rules don't actually mention WHERE a data controller collects their data from, so by Googles own admission they clearly were a data controller... (Note: Data Protection 101 pretty much covered this exact point prior to the court case!)

  4. Anonymous Coward
    Anonymous Coward

    This confuses me with the whole consent thing. The dev is creating the app so sure there is consent but google are also serving me the app and in many cases they are processing my data via the app so where is their request for consent? Surely they can't just throw it all on the dev and get the dev to get consent for google which is what it looks like to me and even if they did how do google prove consent has been obtained properly? Also, whats with this google "paused" stuff in the activity settings? I want to turn it off forever thanks.

    1. Herring`

      This confuses me with the whole consent thing.

      Well, Mr Weinstien, in order to provide Angry Fruitbox (the service) it's not necessary for the game publishers to share your personal data with Google. If they want to sling you untargeted ads then that's fine.To use another example, if I buy a pint in the pub and the barman tells me that to serve me a pint, he needs my email address so they can share it with "third party affiliates" then that would be unacceptable. I should be able to buy a pint without consenting to give over my personal data (although I could consent).

      I mostly see ads for doner kebabs.

    2. Anonymous Coward
      Anonymous Coward

      I'll bite, AC.

      Since Google is collecting users' personal info and processing it to target ads at them, it would seem to be Google who must ask for consent the first time a user opens an app which includes Google ads. The user's choice should be recorded as a phone-wide or per-app setting, at the user's discretion, without storing anything on Google servers as that requires a unique personal identifier which they are not allowed to store without consent.

      This is rather "problematic" for Google's business model.

      So I guess they're attempting to shift the burden of consent-seeking to free app developers who are by-and-large unscrupulous, highly motivated to 'encourage' consent, and located outside the EEC in places like India where GDPR enforcement will be next to impossible.

      1. DavCrav

        "So I guess they're attempting to shift the burden of consent-seeking to free app developers"

        And I suspect unlikely to succeed in dodging the law.

        1. David 164

          Given the EU courts past actions of just reinterpreting the laws to suit their agenda, I suspect you are indeed right.

      2. Aitor 1

        I disagree

        When I download an app, I decide to download that app, and the agreemen, if any, is between me and the developer. I am not the one to decide if there are ads or not, and if they are targeted or not.

        So yeah, I have to give informed consent.

        Also, if I have to agree to provide my personal info in order to get the app or for it to work, and that information is not needed for the app, then that consent is void.

        At no point I have a contract with google, they are a mediator.

        Another thing is that Google itself should be considered a data controller as they do store that info, and they are also probably breaking the law, but this does not remove the onus from the app writers/owners.

        1. Nick Ryan Silver badge

          Re: I disagree

          Yes, in Data Protection (and now GDPR) terms, the app developer, or publisher, is the Data Controller and Google is the Data Processor. It is up to the Data Controller (app developer) and Data Processor (Google) to agree on the data agreement, although in this case it's largely Google stating what information they need to be given to process the data and for the app developer to "agree" to this - and either negotiate something different (hahahaha) or use a different ad slinging toolkit.

          The app developer, as the Data Controller, is largely responsible however the responsibility may be split as necessary in the data agreement although there are quite a few parts of data responsibility where neither the controller nor processor may wriggle out of through any legal or contractual means. An EU based app developer must comply with GDPR if passing, or making available, personal data to Google and Google must comply with the processing and storage of this, they cannot claim that it is entirely the app developer's responsibility because the GDPR specifically covers the processing of EU citizen data regardless of where this is performed. Google should have an EU data centre for the storage and processing of data from EU app developers and this data centre should also be used for the storage and processing of data for all EU citizens (good luck identifying these 100% reliably). Failing to do this and data will be exported to a regime with no, or a pathetically small amount of, data protection, such as the US and this will put Google in contravention of the GDPR regardless of the app developer's location.

          The really dumb thing is, all this could have been sorted out a year or so ago as the GDPR only extends upon existing data protection, it does not create anything different. Unfortunately many dumb organisations are insisting that GDPR functionality will only be available after the 25th or so - there is no valid reason for this.

  5. Prosthetic Conscience
    Meh

    "but warned it couldn't actually be tested until after GDPR was in place"

    What they mean by /test/ is they'll wait to be tested in the courts when they get sued by the EU and see how that turns out and put in the work afterwards.

    1. Danny 14

      Re: "but warned it couldn't actually be tested until after GDPR was in place"

      which puts them into the 4% revenue (not profit) fine as they havent bothered to comply. That will be amusing.

  6. Anonymous Coward
    Anonymous Coward

    AD Vampires

    ...."if a user's consent state is UNKNOWN and an ad request is made, Google WILL STILL serve personalized ads."....

    Says it all....

    Google, Why not default to OFF for a few weeks while GDPR gremlins are purged? World-war / Revolution would be worth it if it destroyed this Industry of Slurp! Victorian-era 'body-parts' harvesting had more ethics!

    1. Loyal Commenter Silver badge

      Re: AD Vampires

      IANAL, but my understanding of this part of GDPR is that if you don't have explicit consent, you can't assume it, so Google are in breach of the legislation if they do this.

      As I said, IANAL, but I do come at this from the position of someone who has spent the last six months of their life designing and writing software concerned with GDPR, so I do have some familiarity with it!

      1. Aitor 1

        Re: AD Vampires

        Not only that, but consent cannot be mandatory or no service unless it is needed to provide the service.

        So to show me a map you do not need to know my age, etc.

  7. This post has been deleted by its author

  8. Jamie Jones Silver badge

    I HAVE NO SYMPATHY

    Firstly, I've spent a lot on apps over the last 5 years, so this isn't about freeloading.

    I also used to let ads pass through. Not any more. Not since I discovered that just about every ad-company (that provide a sdk for app makers to use) are scum sucking arseholes, and I'm sure were breaking the law even before GDPR comes into play.

    Routinely, they all record your exact location, (they'll grab your wifi mac in case it's blocked, and any cell info they can - sod the permissions, i believe they just read /proc/net/* -- /proc/net/arp and /proc/net/tcp are good ones -- why the hell they are world-readable is another question)

    Some of them even cause the app to start on boot, and refuse to die, continually connected to the ad server, even if you haven't even loaded the app. "*******.com" is guilty of this. Even if it's benign, the arrogance to think that it's ok for them to do this is astounding - what if every app did similar?

    Some grab a list of everything you have installed. OS version/model name are a given.

    1. James 47

      Re: I HAVE NO SYMPATHY

      > Some grab a list of everything you have installed. OS version/model name are a given.

      Everything Google can grab is listed here:

      https://developers.google.com/ad-exchange/rtb/downloads/realtime-bidding-proto.txt

      Not all of it is present usually.

  9. Dan 55 Silver badge

    Settings > Google > Ads > Opt out of ads personalisation

    So what has this been doing for the past x years, then? Is it there just to look pretty?

    1. Loyal Commenter Silver badge

      Re: Settings > Google > Ads > Opt out of ads personalisation

      GDPR says consent has to be explicitly OPT-IN (off by default), so this setting (on by default) cannot be used as a get-out clause.

    2. JohnFen

      Re: Settings > Google > Ads > Opt out of ads personalisation

      " Is it there just to look pretty?"

      Basically, yes. Opting out of personalized ads does mean that you won't get personalized ads. It does not mean that Google stops spying.

      1. Dan 55 Silver badge

        Re: Settings > Google > Ads > Opt out of ads personalisation

        Don't know who downvoted you. But Google should push out an update to Play Services to make this option opt-in and GDPR compliant and app developers shouldn't need to do a single thing.

        If Google is found to be wanting and their muddying of the waters and dragging legal nonsense out for years gets developers in trouble, hopefully it'll mean developers switch to another GDPR compliant ad network.

        1. Jamie Jones Silver badge

          Re: Settings > Google > Ads > Opt out of ads personalisation

          So what has this been doing for the past x years, then? Is it there just to look pretty?

          There are far more ad brokers than just Google, and whilst Google may honour their resettable ID, many other ad firms use things like your host uuid, mac address, etc. to uniquely identify you.

  10. Handy Andy
    Holmes

    AdMob Trojan Horse

    From a dev POV...

    Isnt the admob (or other ad framework) thing just a trojan?

    Dev includes it in App, some pixies elsewhere decide what ads to show and how they will decide.

    For the dev, surely the whole consent thing is a SEP? (Someone Elses Problem, the pixies problem in fact).

    How can the dev know what intrusive privacy busting mischief the pixies are up to?

    Are we heading back to nagware and crippleware (instead of nosey spamware)?

    1. Dan 55 Silver badge

      Re: AdMob Trojan Horse

      How can the dev know what intrusive privacy busting mischief the pixies are up to?

      The dev is the data controller, the pixies are the data processor, and GDPR says the pixies must tell the dev what they're doing.

      So the pixies are going to have to tell everyone the ingredients they put in their special top-secret sauce.

      1. Old Tom

        Re: AdMob Trojan Horse

        The dev is the data controller

        How can a dev linking an ad sdk into their app be the data controller? Sure they are for any app data, but they have no contact with the ad provider's slurped data - the ad sdk provider is surely the data controller.

    2. Jamie Jones Silver badge

      Re: AdMob Trojan Horse

      If the dev includes a third party library, the dev is responsible for what that code does.

      Sure, they can't control what sort of ad is shown, but if the library delibrately works around id and location blocking, or continually runs a background process that 'phones home' with your complete apps history, even when you're not using the app,then they are equally liable.

      For a heads-up, install snarkbusters 2, with it's appjolt hidden process (even stays around if killed from android task manager, respawns on kill, starts on reboot). [It was about a year ago that I saw this - if it's changed now, I still have the original APK file for the free version)

  11. Andy 73 Silver badge

    Hmmm..

    As an app developer with Admob Ads, I store no personally identifiable information about the people using my app. Google's APIs take Google-stored information and pass it on to other Google services to provide personalised apps. Many of those APIs take pains to ensure that I as a middle-man cannot see or modify that data. Does GDPR therefore apply to me?

    Frankly I'm unimpressed by this legislation that has (deliberately?) introduced a vast range of grey areas that are being enthusiastically exploited by rent-an-experts, consultant services and others. From photography forums (are photographs GDPR compliant?) to cake shops (are we responsible for people using our hashtag?) the 'protection of the people' introduces more confusion than solution.

    1. LeeH

      Re: Hmmm..

      I've been commenting for months in various places to tell people how far reaching GDPR is. Few want to believe the full implications because GDPR compliance is both

      a) difficult to achieve where possible to achieve, and

      b) impossible for almost anyone who uses cloud or shared resources to achieve where any form of data is collected, stored or processed in digital format.

      Then there are the paper records to deal with. Who fancies reviewing filing cabinets and physical archives to edit or delete data or to check/remove consent basis?

      We can count ourselves lucky GDPR doesn't apply to data committed to human memory, or does it?

      Ads aside, GDPR is too well written. It is the Cookie Regulation II with big ugly teeth. All this could have been avoided had we obeyed the cookie laws just as a token gesture.

      1. Daggerchild Silver badge

        Re: Hmmm..

        "We can count ourselves lucky GDPR doesn't apply to data committed to human memory, or does it?"

        Did you give C3P0 permission to remember you? (face, voice, personality, likes, dislikes, conversation topics... all personal data)

    2. Daggerchild Silver badge

      Re: Hmmm..

      This is the first serious foray into legislating abstract datum flow circulating between the virtual and legislative spheres, and the forces of 'need' vs 'want'. There is absolutely no way it will work first time.

      Do you *need* to know your customer to improve your service, or do you only *want* to know, because you *believe* it will help. What do you do if it doesn't? Do you now *know* you don't *need* it, and you are now in breach? Double down? Quit?

      One thing's for certain. People are going to be sick to death of GDPR-permission beggingbowls, and GDPR-refusal plugins will rival AdBlockers in popularity (will the EU will legislate against those?)

    3. Anonymous Coward
      Anonymous Coward

      Re: Hmmm..

      “As an app developer with Admob Ads..”

      I.e. the enemy. Grave or stupid (or both) to show your face here.

      1. Jamie Jones Silver badge

        Re: Hmmm..

        Not only could ad companies distribute adverts, they could tell how many people were viewing them - already thats better than the "old media" advertisers had it.

        But that wasn't enough - they had to come out with so many dodgy tricks that are frankly illegal anyway that they only have themselves to blame for the GDPR unifying laws.

        I'm not a freeloader against ads in general, but these guys have proved themselves to be the bottom of the scum pile, and I have no sympathy whatsoever. Many even gloat on their website about the sort of invasive tracking they do.

        Unity ads and google ads seem to be the most well behaved. As for most of the others - even ones used by reputable software companies - arseholes.

    4. DavCrav

      Re: Hmmm..

      "Frankly I'm unimpressed by this legislation that has (deliberately?) introduced a vast range of grey areas that are being enthusiastically exploited by rent-an-experts, consultant services and others."

      Possibly, but the base line usually is:

      1) Are you processing personal data of EU residents?

      If 'yes', then

      2) Is it an absolute requirement for the service/good you are providing?

      If 'no', then you must have active consent. There's no workarounds, get out clauses, or anything else.

      1. David 164

        Re: Hmmm..

        But what does absolute actually mean, that will be different to each service. An that where there will lots of courts cases over. An that why I bet the app market in the EU is going crash and burn and the app market will cease to become a place where a hobbiest can even dream of playing. In fact it seem safer just for me to make my app available only to Americans and asians, South Americans and Africa, the EU could become a desert for apps.

    5. LeeH

      Re: Hmmm..

      There is a lot of data collected by web servers (I'll ignore other data collecting elements for now) that could render a request making client identifiable either by itself or when that data is combined with other available data.

      For example, server visitor/request logs that record browser device, visitor IP address, operating system, time of request and page requested. Then there are error logs that also record information about the client that requested the resource that prompted an error.

      It is not currently possible for most providers of digital services served from shared hosts to fully comply with GDPR. Though not technically Data Controllers in this case (because in this case the host provider is the technical Data Controller) those service providers are pathways for any data collected and stored by the web host. This makes them complicit in that data collection. To be fully compliant any such provider would need to ask permission for those data logs to be written before a request is serviced. How many shared host providers (for instance) offer the means for software running on their hosts to instruct the server to never record client PII data when resource requests are made or to anonymise such collected data? What about recursive deletion of such data held in historical logs/data backups? What if a shared host is hacked and log data compromised?

      Given time hosts will offer GDPR compliant servers. Costs will go up. As the topic here is ads, why do you think developers and website owners display ads? It's not because they make pages beautiful.

      One option is to filter every request through a middle service such as Cloudflare. This is not always an acceptable option and requires a lot of faith being put into the middle service.

      GDPR is not solely concerned with marketing. It is about the data ownership rights of EU Data Subjects (rights I agree with) and the obligations both data controllers and data processors must abide with regard to EU Data Subjects.

      I doubt regulators will go after bloggers immediately 25th May hits the world. There will be time to adapt. But GDPR affects the ways of the Internet more than many imagine.

      GDPR is a much bigger shake up of Internet provided services (and off-line services) than many people realise. Fun times ahead.

  12. Jim-234

    "Personalized ads" another rip off

    The whole idea of "Personalized ads" is yet another rip off that the people selling the "advertising" space foist on the companies trying to pay to get people to take notice of them.

    Pretty much without fail I get "Personalized" ads for things that I have just bought and will most likely not buy again for many years.

    Totally random things would be far more likely to actually provoke a bit of interest.

    1. Anonymous Coward
      Anonymous Coward

      Re: "Personalized ads" another rip off

      The only personalised ads that ever advertised something useful and of good likelihood of interest to me were the personals ads shown alongside Facebook messages during late night chats with particularly friendly women. I could have earned £50 a time according to those ads. Could have made a million had I paid attention

  13. Anonymous Coward
    Anonymous Coward

    Google, you're a joke.

    Dear Google, instead of paying millions in bribes to stop laws being made, try spending a few quid complying with them instead.

    Clearly the bungs weren't big enough to the EU to stop this going through

    1. JohnFen

      Re: Google, you're a joke.

      "try spending a few quid complying with them instead"

      Google's problem is that their entire business model is based on doing exactly what the GDPR is intended to stop. They can't "spend a few quid complying". They have to find a brand new business model.

      1. Anonymous Coward
        Anonymous Coward

        Re: Google, you're a joke.

        "[Google] can't "spend a few quid complying". They have to find a brand new business model."

        Goes around comes around. Maybe Google will find out how it felt to be AltaVista when Google came around.

        It's been real. Have a great day.

    2. Mr Han

      Re: Google, you're a joke.

      GDPR is what happens when the likes of Google, Facebook et al. become greedier and greedier and greedier for personal data, to the point where we now talk of 'Big Data', 'Data Slurping', etc.

      Incidentally, I've noticed I no longer receive sufficient search results with Google and now have much more success with Yahoo or Bing.

  14. BinkyTheMagicPaperclip Silver badge

    ' Organisations should "avoid making consent to processing a precondition of a service" '

    That's going to bite a lot of people.

    If ElReg wants to have some fun with IAC (please do, they're almost a monopoly on dating sites) note that one of their sites will keep your details for up to two years of inactivity, and they'll remain on the system (but not visible) for an extended period even if you delete 'just in case you come back'

    uhuh... Nothing to do that artificially padding numbers is a selling point, at all.

    1. Danny 14

      facebook have already said keep using facebook and you consent. Im sure they will be one of the first to be reported come the end of May.

  15. Mr.Bill

    targeting

    If the best they can do on "targeting" is put up ads for the things I had already looked at and bought a week ago from amazon or ebay, (other then good old search based ads) - the good news is its clear that Google is using its knowledge primarily just to give me great services making my "data" work for me. The idea by some "privacy watchdogs" that perhaps my google home or phone is surreptitiously listening to me for "secret" words they hear to advertise against is ludicrous.

  16. Anonymous Coward
    Anonymous Coward

    Advertisers get fucked

    Rest of world laughs.

  17. Anonymous Coward
    Happy

    It's not rocket science

    You need the user to give consent to opt in to targeted advertising. What you need to do as an app developer is offer the user something that makes them want to give that consent. Up until now it's been Google and the app developer who profited from advertising; now it's time to share some of that pie. Be creative and you'll tap into that money stream again.

  18. Anonymous Coward
    Anonymous Coward

    Beware: you may have issues using reCaptcha as well...

    ... it does collect personal information on Google behalf.

    Anything Google does is radioactive, from a privacy perspective.

  19. Handy Andy
    Devil

    Replace adMob with crypto mining - job done.

    Probably earn more too...

  20. YetAnotherJoeBlow

    GDPR

    I think legal at google said "Do not worry about GDPR, shunt it off to the developers." Compliance is THEIR responsibility. We will still get our revenue, let the devs worry about theirs.

    1. ExampleOne

      Re: GDPR

      Google can SAY that's how it works. What is likely to happen in practice is that get's challenged and Google will get another lesson in how to read regulations.

      1. David 164

        Re: GDPR

        Or Google lawyers will turn out to have read the regulations right and we can look forward to GDPR 2.0 yayyyyyyyyyyyyy................

  21. Milton

    Quantity does not equal quality

    The problem with internet advertising is that, like radio advertising, it is cheap.

    And like radio advertising, it is therefore shoddy, amateurish, repetitive garbage. My wife listens to Absolute Radio in the evenings (the one that insists on endlessly shouting "Where real morons mutter!") and I assume she has some kind of firmware filter in her brain to screen out the ads because they are droolingly cretinous. So bad they are almost funny, with the ritual hasty gabble at the end of every advert: "Terms and conditions apply, all the above was a lie".

    The net has the same problem. 99.5% of ads are simply shit. They aren't pretty. Or striking. Or interesting. Or clever. Or funny. Or informative. Or thought-provoking. They're often not even accurate, being crammed with marketurds' lies. They are very rarely relevant to your actual, immediate interests, "targeting" and "personalisation" being a pitiful joke apparently swallowed only by the idiots who spend money on marketing.

    The industry is clearly aware of at least some of this, but has clearly decided that quantity has a quality all of its own and continues to hurl its pathetic shit at an increasingly Teflon-ised wall in the hope that some of it will stick.

    Some interesting things may yet happen. First, suppose that so-called personalisation and targeting are no longer generally possible but click-thru, eyeball and purchase rates do not change much. Or even improve. That will expose the Google and Farcebook shtick and cause a major re-evaluation of the value of those particular lying shysters.

    Second, suppose that advertisers finally take the hint and try to create good quality ads. Imagine that instead of seeing the same lousy, cheap ads a score of times in a browsing session, you only once or twice noticed a humorous, clever advert—one that stimulated some interest, which you then took note of?

    I cannot say that either of these things will definitely happen, but I do suggest that this might actually improve matters. If marketurds are effectively forced to create fewer, better ads, then for once in internet and corporate history, we may see race to the top, instead of the modern trend of hurtling to the bottom.

  22. JibberX

    Wet fart

    So as with other regs of this nature its complete unpolicability and likely nonenforcability will mean no one will know what to do, when to do it, and why.

    Whilst its panic stations of the next fortnight, when's the first nonconformist going to be in the dock? 5 years?

    Is the information commissioner really going to be able to enforce any of this?

    I've read people likening this to kitchen hygene and so on, but its really just a confusion inducing mush.

    Google are just riding it out until everyone realises GDPR has no teeth.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like